Location: Symbol Reference > Classes > TJwComServerSecurity Class > TJwComServerSecurity Methods > TJwComServerSecurity.AccessCheckCached Method
JWSCL Documentation
TJwComServerSecurity.AccessCheckCached Method
procedure AccessCheckCached(var CacheResult: TAuthZAccessCheckResultHandle; const DesiredAccess: DWORD; const SecurityDescriptor: TJwSecurityDescriptor; const GenericMapping: TJwSecurityGenericMappingClass; out AccessGranted: Boolean; out GrantedAccessMask: DWORD);
var CacheResult: TAuthZAccessCheckResultHandle 
Receives the value from the first AccessCheck made. The first time parameter CacheResult must be a variable with value zero or INVALID_HANDLE_VALUE. This handle is automatically freed. 
const DesiredAccess: DWORD 
Receives the access mask set by a client to get access. 
const SecurityDescriptor: TJwSecurityDescriptor 
A security descriptor assigned to the secured object. 
const GenericMapping: TJwSecurityGenericMappingClass 
A mapping class that maps generic access rights to specific ones. It is used by the AccessCheck function to convert generic access rights in the security descriptor. Can be nil.
out AccessGranted: Boolean 
Returns whether access is granted (true) or not (false). This value is only valid if no exception is thrown. 
out GrantedAccessMask: DWORD 
Returns the amount of access rights granted. This value is only valid if no exception is thrown. 

The method TJwComServerSecurity.AccessCheckCached checks whether the current client's identity.has access regarding the given security descriptor and desired access rights. It uses and already calculated access check result created by a previously call to TJwComServerSecurity.AccessCheckCached.

A cached access result is the same as comparing the desired access parameter with a previously calculated access check using MAXIMUM_ALLOWED access right. In this way the bits are compared using "and" operator. 

However, this type of access check can only be done using the same client's identity. It is useful if several access checks must be done in different called sub functions (each of them does its own access check).

The client's impersonation level is cilIdentify or cilAnonymous. These levels don't have any authentication and therefore the client cannot be impersonated. 
Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc.
What do you think about this topic? Send feedback!